ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "Windows Registry"

From ForensicsWiki
Jump to: navigation, search
m (added reglookup)
m
Line 15: Line 15:
 
==Tools==
 
==Tools==
 
===Open Source===
 
===Open Source===
* [http://projects.sentinelchicken.org/reglookup/] — "small command line utility for reading and querying Windows NT-based registries."
+
* [http://projects.sentinelchicken.org/reglookup/ reglookup] — "small command line utility for reading and querying Windows NT-based registries."
 
* [http://sourceforge.net/projects/regviewer/ regviewer] — a tool for looking at the registry.
 
* [http://sourceforge.net/projects/regviewer/ regviewer] — a tool for looking at the registry.
 
* [http://www.regripper.net/ RegRipper] — "the fastest, easiest, and best tool for registry analysis in forensics examinations."
 
* [http://www.regripper.net/ RegRipper] — "the fastest, easiest, and best tool for registry analysis in forensics examinations."

Revision as of 19:13, 18 November 2008

Bibliography

  • Recovering Deleted Data From the Windows Registry. Timothy Morgan, DFRWS 2008 [paper] [slides]
  • [1]

Tools

Open Source

  • reglookup — "small command line utility for reading and querying Windows NT-based registries."
  • regviewer — a tool for looking at the registry.
  • RegRipper — "the fastest, easiest, and best tool for registry analysis in forensics examinations."

Commercial

See Also